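# Configure the deployment
deployment:
  enabled: true
  # Can be either Deployment or DaemonSet
  kind: DaemonSet
  # NOTE(review): replicas presumably only applies when kind is Deployment;
  # with DaemonSet one pod is scheduled per matching node - confirm against
  # the chart templates.
  replicas: 1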
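# Activate Pilot integration
pilot:
  enabled: false
  # The token is a credential: keep real values out of version control and
  # supply them at install time from a secret store instead.
  token: ""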
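# Create an IngressRoute for the dashboard
ingressRoute:
  dashboard:
    # NOTE(review): this file configures no authentication for the dashboard
    # route. Confirm which entrypoint the generated IngressRoute binds to and
    # put a basicAuth/forwardAuth middleware or a network restriction in front
    # of it, or set this to false where the dashboard is not needed.
    enabled: true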
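# Configure providers
providers:
  kubernetesCRD:
    enabled: true
    # An empty list presumably means every namespace is watched - confirm.
    # Listing namespaces narrows which tenants can publish routes through
    # this proxy and what Traefik needs read access to.
    namespaces: []
      # - "default"
  kubernetesIngress:
    enabled: true
    # Same scoping consideration as kubernetesCRD.namespaces.
    namespaces: []
      # - "default"
    # IP used for Kubernetes Ingress endpoints
    publishedService:
      enabled: false
      # Published Kubernetes Service to copy status from.
      # Format: namespace/servicename
      # By default this Traefik service
      # pathOverride: ""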
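# Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a
# config.toml file.
# After the volume has been mounted, add the configs into traefik by using
# the `additionalArguments` list below, e.g.:
# additionalArguments:
# - "--entryPoints.web.address=:80"
# - "--entryPoints.websecure.address=:443"
#
# Private keys belong in a `type: secret` volume, not in a configMap.
volumes: []
# - name: public-cert
#   mountPath: "/certs"
#   type: secret
# - name: xxx
#   mountPath: "/config"
#   type: configMap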
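# Additional volumeMounts to add to the Traefik container
additionalVolumeMounts: []
  # For instance when using a logshipper for access logs
  # (securityContext.readOnlyRootFilesystem is true in this file, so any
  # log file path has to live on a mounted volume)
  # - name: traefik-logs
  #   mountPath: /var/log/traefik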
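# https://docs.traefik.io/observability/logs/
logs:
  # Traefik logs concern everything that happens to Traefik itself
  # (startup, configuration, events, shutdown, and so on).
  general:
    # By default, the logs use a text format (common), but you can
    # also ask for the json format in the format option
    # format: json
    # By default, the level is set to ERROR. Alternative logging levels are
    # DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
    level: ERROR
  access:
    # To enable access logs
    # NOTE(review): with access logs off there is no per-request record
    # (client address, path, status) for detection or incident response on
    # this edge proxy. Consider enabling them and shipping them off-node.
    enabled: false
    # By default, logs are written using the Common Log Format (CLF).
    # To write logs in JSON, use json in the format option.
    # If the given format is unsupported, the default (CLF) is used instead.
    # format: json
    # To write the logs in an asynchronous fashion, specify a bufferingSize
    # option. This option represents the number of log lines Traefik will
    # keep in memory before writing them to the selected output. In some
    # cases, this option can greatly help performance.
    # bufferingSize: 100
    # Filtering https://docs.traefik.io/observability/access-logs/#filtering
    filters: {}
      # statuscodes: "200,300-302"
      # retryattempts: true
      # minduration: 10ms
    # Fields
    # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
    fields:
      general:
        defaultmode: keep
        names: {}
          # Examples:
          # ClientUsername: drop
      headers:
        # Keeping the default at drop means request headers are not logged
        # unless listed below; when opting headers in, leave Authorization
        # and other credential-bearing headers on drop or redact.
        defaultmode: drop
        names: {}
          # Examples:
          # User-Agent: redact
          # Authorization: drop
          # Content-Type: keep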
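# Arguments passed to every Traefik instance.
globalArguments:
  # Makes Traefik periodically contact an external endpoint to look for new
  # releases; remove it where outbound traffic from the proxy is restricted.
  - "--global.checknewversion"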
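# Configure ports
ports:
  traefik:
    port: 9000
    # NOTE(review): expose: true publishes this entrypoint on the Service at
    # exposedPort. The readiness/liveness probes in this file use port 9000
    # (/ping), and the dashboard IngressRoute enabled in this file presumably
    # binds here as well - confirm. If it does, require authentication or
    # restrict access (e.g. with a NetworkPolicy) before leaving it exposed.
    expose: true
    exposedPort: 9000
  web:
    # hostPort binds port 80 on every node that runs a Traefik pod.
    hostPort: 80
    # Port Redirections
    # Added in 2.2, you can make permanent redirects via entrypoints.
    # https://docs.traefik.io/routing/entrypoints/#redirection
    # Redirecting web to websecure avoids serving application traffic over
    # plain HTTP.
    # redirectTo: websecure
  websecure:
    # hostPort binds port 443 on every node that runs a Traefik pod.
    hostPort: 443
    # Set TLS at the entrypoint
    # https://doc.traefik.io/traefik/routing/entrypoints/#tls
    tls:
      # NOTE(review): with this disabled, TLS presumably has to be configured
      # on each router; verify that nothing is served in clear text on 443.
      enabled: false
      # this is the name of a TLSOption definition
      options: ""
      certResolver: ""
      domains: []
      # - main: example.com
      #   sans:
      #     - foo.example.com
      #     - bar.example.com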
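# Options for the main traefik service, where the entrypoints traffic comes
# from.
service:
  enabled: true
  # ClusterIP keeps the Service reachable from inside the cluster only;
  # external traffic in this file arrives through the hostPort settings
  # under ports.web and ports.websecure.
  type: ClusterIP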
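# If hostNetwork is true, runs traefik in the host network namespace.
# Leaving it false keeps the pod in its own network namespace; this file
# publishes 80/443 through hostPort instead.
hostNetwork: false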
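# Create the RBAC objects Traefik uses to read cluster resources.
# NOTE(review): the scope of the generated role is not visible in this file;
# confirm it is no wider than the namespaces the providers need to watch.
rbac:
  enabled: true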
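# No requests or limits are set. For a proxy that terminates external
# traffic, a memory limit bounds how much of the node a traffic spike can
# consume; the values below are the examples from this file.
resources: {}
  # requests:
  #   cpu: "100m"
  #   memory: "50Mi"
  # limits:
  #   cpu: "300m"
  #   memory: "150Mi"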
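# Schedule Traefik only on nodes labelled kubernetes.io/role=node. Combined
# with kind: DaemonSet and the hostPort settings, these are the nodes that
# listen on 80/443.
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/role
              operator: In
              values:
                - node
nodeSelector: {}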
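# Set the container security context
# To run the container with ports below 1024 this will need to be adjusted
# to run as root.
# NOTE(review): hostPort 80/443 elsewhere in this file are host-side ports;
# the container ports (ports.*.port) are not set here, so this non-root
# context can presumably stay as it is - confirm before loosening it.
securityContext:
  capabilities:
    # Drop every Linux capability; none are added back.
    drop: [ALL]
  readOnlyRootFilesystem: true
  runAsGroup: 65532
  runAsNonRoot: true
  runAsUser: 65532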
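# Pod-level security context. fsGroup matches the runAsGroup (65532) set in
# securityContext in this file.
podSecurityContext:
  fsGroup: 65532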
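# Readiness check: GET /ping on port 9000, the same number as
# ports.traefik.port in this file. Keep the two in sync if that port changes.
readinessProbe:
  httpGet:
    path: /ping
    port: 9000
  # A single failed check marks the pod not ready.
  failureThreshold: 1
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2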
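# Liveness check: GET /ping on port 9000, the same number as
# ports.traefik.port in this file. Keep the two in sync if that port changes.
livenessProbe:
  httpGet:
    path: /ping
    port: 9000
  # Three consecutive failures count as a failed liveness check.
  failureThreshold: 3
  initialDelaySeconds: 10
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2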